There are a bunch of FPGA development boards to choose from, but how many will fit inside your laptop? The PicoEVB is a tiny board that connects to an M.2 slot and provides an evaluation platform for the Xilinx Artix-7 FPGA family.

This minimalist board sports a few LEDs, a PCIe interface, an integrated debugger, on-board EEPROM, and some external connectors for hooking up other bits and pieces. The M.2 connector provides the board with power, USB for debugging, and PCIe for user applications.

A major selling point of this board is the PCIe interface. Most FPGA boards with PCIe …read more

Getting bounced to a website by scanning a QR code is no longer an exciting feat of technology, but what if you scanned the ingredient list on your granola bar and it went to the company’s page for that specific flavor, sans the matrix code?

Bright minds at Columbia University in the City of New York have “perturbed” ordinary font characters so the average human eye won’t pick up the changes. Even ordinary OCR won’t miss a beat when it looks at a passage with a hidden message. After all, these “perturbed” glyphs are like a perfectly legible character …read more

Blowing an acrylic sheet after heating it is an easy way to make a smooth and transparent canopy or bubble for anything from clams to light fixtures. [Michael Barton-Sweeney] does it using plastic blow ovens he made cheaply, mainly from stuff which most of us already have in our workshops.

All you need is a way to heat the plastic, to then clamp it down around the edges, and finally to blow air into it as you would when blowing up a balloon. Of course, there are things to watch out for such as making sure the plastic is heated …read more

This Metasploit module will bypass UAC on Windows 8-10 by hijacking a special key in the Registry under the Current User hive, and inserting a custom command that will get invoked when any binary (.exe) application is launched. slui.exe is an auto-elevated binary that is vulnerable to file handler hijacking. When we run slui.exe with the changed Registry key (HKCU:\Software\Classes\exefile\shell\open\command), it will run our custom command as Admin instead of slui.exe. The module modifies the registry in order for this exploit to work. The modification is reverted once the exploitation attempt has finished. The module does not require the architecture of the payload to match the OS. If specifying EXE::Custom, your DLL should call ExitProcess() after starting the payload in a different process.

Ubuntu Security Notice 3665-1 - It was discovered that Tomcat incorrectly handled being configured with HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP file to the server and execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 17.10. It was discovered that Tomcat contained incorrect documentation regarding description of the search algorithm used by the CGI Servlet to identify which script to execute. This issue only affected Ubuntu 17.10. Various other issues were also addressed.

Ubuntu Security Notice 3664-1 - Sander Bos discovered that Apport incorrectly handled core dumps when certain files are missing from /proc. A local attacker could possibly use this issue to cause a denial of service, gain root privileges, or escape from containers.

[Keith Decent] recently got himself involved in a plywood challenge, and decided to make a single-pickup electric guitar. Since he is a prolific hoarder of scrap wood, the result is a lovely stack of laminates from many sources, including reclaimed cabinet doors. Really though, the wood is just the beginning—nearly every piece of this texture-rich axe started life as something else.

He’s made a cigar box guitar before, but never a bona fide solid-body electric. As you might guess, he learned quite a bit in the process. [Keith] opted for a neck-through design instead of bolting one on and using …read more

If you ask us, one of life’s greatest pleasures is sitting down with a nice, hot cup of coffee, tea or hot chocolate. Of course, the best part of this ritual is when the beverage has cooled enough to reach that short window of optimal drinking temperature.

Oftentimes the unthinkable happens—we sip too early and get burned, or else become distracted by reading our colleagues’ Hackaday posts and miss the window altogether. What’s to be done? Something we wish we’d thought of: using the beverage’s heat to cool itself by way of thermal dynamics. …read more

A robot is made up of many hardware components, each of which requires its own software. Even a small robot arm with a handful of servo motors uses a servo motor library.

Add that arm to a wheeled vehicle and you have more motors. Then attach some ultrasonic sensors for collision avoidance or a camera for vision. By that point, you’ve probably split the software into multiple processes: one for the arm, another for the mobility, one for vision, and one to act as the brains interfacing somehow with all the rest. The vision may be doing object recognition, something …read more

This is a stellar hack, folks. [Tom7] pulled off both full-motion video and running a Super Nintendo game on a regular old Nintendo with one very cute trick. And he gives his presentation of how he did it on the Nintendo itself — Nintendo Power(point)! The “whats” and the “hows” are explained over the course of two videos, also embedded below.

In the first, he shows it all off and gives you the overview. It’s as simple as this: Nintendo systems store 8×8 pixel blocks of graphics for games on their ROM cartridges, and the running program pulls these up …read more

Has the food in your pantry turned? Sometimes it’s the sickening smell of rot that tells you there’s something amiss. But is there a way to catch this before it makes life unpleasant? If only there were machines that could smell spoiled food before it stinks up the whole place.

In early May, I was lucky enough to attend the fourth FabLab Asia Network Conference (Fan4). The theme of their event this year was ‘Co-Create a Better World’. One of the major features of the conference was that there were a number of projects featured, often from rural areas, that …read more

If you’ve ever worked in a stingy office, you’ve become familiar with the communal coffee maker that runs on some variant of the honor system. There’s bits of paper, a coin jar shabbily sealed with sticky tape, and the routine note every six months telling people off for not paying for their daily brew. It all gets a bit much. Thankfully, if you work with [Fabian], it’s no longer a problem (PDF link).

The project forms the basis for [Fabian]’s thesis, in which a DeLonghi coffee maker is reverse engineered. This is undertaken with the explicit goal of properly metering …read more

We’ve all been there: after assessing a problem and thinking about a solution, we immediately rush to pursue the first that comes to mind, only to later find that there was a vastly simpler alternative. Thankfully, developing an obscure solution, though sometimes frustrating at the time, does tend to make a good Hackaday post. This time it was [David Wehr] and AudioSerial: a simple way of outputting raw serial data over the audio port of an Android phone. Though [David] could have easily used USB OTG for this project, many microcontrollers don’t have the USB-to-TTL capabilities of his Arduino – …read more